The revelations of the past month and a half have shone light on system of suspicionless global and domestic surveillance so pervasive that George Orwell would have been stunned. The goal of the NSA is that all electronic communication whatsoever will be stored and analyzed. If “red flags” are raised in the analysis, or if suspicion is raised for other reasons, then a closer look may be had.
PRISM allows a target's communications to be surveilled in real time. This is made possible by the complicity of the largest internet service providers. PRISM says when a person is logged on, what sites they visit, who they are talking to and what they are saying and more. Exactly what is available varies by provider. Collection begins the moment an analyst makes the decision, in many cases, there may be several days of queued surveillance, and perhaps years worth of queued metadata already waiting to be imported before the analyst made the determination. Retroactive permission is then obtained either by the Foreign Intelligence Surveillance Court (FISC) or by a Foreign Intelligence Surveillance Act (FISA) adjudicator, in the unlikely event of a denial, collection ceases. It remains unclear what happens to communications that were collected in the time frame between analyst's collection and the denial. An attempt is made not to collect data on U.S. persons; nonetheless, any incidental collection from U.S. persons is mined for intelligence, and may still be passed on, unredacted, to the FBI or CIA. PRISM isn't the only such program. There are Boundless Informant, FAIRVIEW, Blarney, MAINWAY, X-Keyscore, Turbulence and many more.
The gap in the data on U.S. persons is filled by an intelligence sharing agreement known as the Five Eyes Alliance, consisting of the U.S., Canada, U.K., Australia, and New Zealand. Member countries in this agreement pass data to one another — thereby bypassing the Fourth Amendment as well as any local laws forbidding domestic data collection within the other member countries. The U.K.'s project Tempora collects data from over 200 fiber-optic communications cables. The entire contents of which (phone calls, email, chat, etc.) are stored for a period of three days, and the metadata for another 30. Its capabilities are continuously expanding. To quote Lt. Gen. Keith Alexander of the National Security Agency (NSA), “Why can't we collect all the signals, all the time?” In addition to the Five Eyes Alliance, treaties and intelligence agreements with other countries and with corporations as well. The NSA partnered with Brazilian companies to enable bulk spying on the Brazilian citizenry. An investigation has just begun to determine whether the Brazilian government knew about or gave permission for this; it is presumed not.
The next major piece of apparatus coming online soon is the Utah Data Center, also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center. Estimates on its capacity vary, but it is suspected to be in the exabyte to zetabyte range (Bill Binney, mathematician and NSA whistleblower gives an estimate of five zetabytes). It has the capacity to store long term every bit of signal intelligence (email, fax, video, voice, chat and more) ever collected, anywhere in the world. With room to spare. It is also to be used for decryption of all enciphered content on the internet. The Utah Data Center will not be alone, at least three other large facilities are in the process of being built.
Suspicion can be determined simply by algorithm, using certain programs that are popular abroad, but not in the states. Communications that are encrypted are nearly guaranteed to be stored indefinitely in the NSA servers. A person may be deemed suspicious simply by communicating with someone who has communicated with a suspected malefactor, and, according to the latest testimony before the House Judiciary Committee, a three-hop query may be performed.
This brings up the “Oracle of Bacon”: Did you know that more than 300,000 actors are within two degrees of separation from Kevin Bacon? The Oracle of Bacon is an example of what is called a social graph, it queries a database of actors, and the films they starred in, this can be used to connect one actor to another by a series of films. Using this tool, it is even possible to connect Osama bin Laden to Kevin Bacon in only three hops. Similar tools exist for the phone number database, and email databases. Bill Binney describes how these social graphs can even be laid on top of one another to create a three dimensional social graph, one for phone records, one for emails, and a third for Mail Covers, a fourth for Facebook, and a fifth for Skype, and so on. By the time a person's social graph is extended to a mere three hops, it is often over a million. So when the NSA assures you that the phone record database has been queried only 300 times, do not be assured, those 300 queries may well contain 300 million individuals between them, given no overlap.
Let's spend a moment talking about the laws that make this possible. They are primarily FISA and the PATRIOT Act, and their amendments.
FISA was intended to check the abuses of the prior years. A secret court was set up, with judges who have a top security clearance. It sounded like a good idea at the time, and it was. But there are serious deficiencies: it is entirely ex parte, only the government gets to speak; and only the government has the right to appeal, first to the Foreign Intelligence Surveillance Court of Review (FISCR), and then to the Supreme Court. Three chances for a “yes.” The batting average is 99.97 percent. It is remarkable to note the opinion of General Michael Hayden: he said that, rather than being proof of a rubber stamp, it was an indication that they didn't press the court hard enough. He did not lie, and he was not mistaken. Given that the court allowed the NSA to obtain the call records of every American, it is terrifying to contemplate just what else the court would have allowed, had only they been asked.
The PATRIOT Act section 215 allows the FBI to demand “tangible things” without ever showing probable cause, reasonable suspicion, or anything else. It further prevents the recipient of section 215 orders from disclosing them to anyone. And the target of those orders will never be notified. This is what law allowed the FBI to demand on an ongoing and daily basis, the call logs of all Verizon customers. Such bulk collection of “metadata” is not limited to call logs; all parcels, postcards, and envelopes of mail have been photographed and the images stored.
Challenges to this law have universally failed because of the inability to prove the surveillance and its consequences. There are further dangerous erosions to the Constitution set by recent court cases. Just the mere exercise of the Fifth Amendment may be used as evidence of guilt in trial (Salinas v. Texas).
And these laws do have grave consequences. Whistleblower Russ Tice describes how the NSA was used to do the political bidding of the White House by wiretapping Samuel Alito, David Petreaus, Colin Powell and even Barack Obama. An ordinary person could be placed on a Terror Watch List without having any idea how they got on it, nor any ability to challenge it. U.S. soldiers are frequently mistakenly on this list due to their deployments in the Middle East, Afghanistan and other hot spots, an example of suspicion by algorithm; a computer looks at their travels and raises red flags without seeing the reason for it. This places severe limits on a person's freedom of movement, and even future employment prospects. Beyond the laws we have dangerous policies, indefinite detention without charge, years languishing in jail awaiting trial, “enhanced interrogation,” “extraordinary rendition,” being declared an “enemy combatant” or even the possibility of being murdered by drone aircraft.
Revealing this isn't doing any favors to the jihaddis. They have been using extremely strong encryption, throw away accounts, TOR (an anonymity network), and virtual machines for years. We are not having great luck catching the non-Luddites by purely electronic means. Further, it is highly probable that The Enemy knows the names of many NSA personnel and what projects they worked on, and the names of many other programs. Some Intelligence personnel have been posting their resumes on LinkedIn, and these resumes often mention code names. Public job postings are another rich source of code names, and sometimes vague outlines of the programs. For instance, if you enter the name XKeyscore, and Fort Mead, MD into the engine HYPERLINK "http://Indeed.com/"Indeed.com, you will find job listings for that program.
Our present policies, however, are helping the enemy. The mere use of words like “enemy combatant” and the use of military tactics allows the terrorists to call themselves soldiers. They are allowed to see themselves as legitimate fighting force. And justify their crimes as “collateral damage.” And we are letting them. We are giving them a political and moral edge that they do not need to have. Being seen as a government that engages in torture and general hypocrisy is not helping matters either.
Despite all this, there are bright spots. The existence of a Civil Liberties Protection Officer, policies to mitigate the damage to U.S. citizens, and internal resistance to the worst policies. In 2004 there was a full-scale rebellion led by now-FBI Director James Comey against Stellar Wind (another dragnet NSA warrantless domestic surveillance program), when Attorney General John Ashcroft was on his deathbed (he got better). Ill as he was in hospital, Ashcroft took a stand, and made it clear; “if I die, Comey is in charge.” Comey then killed Stellar Wind. The large companies that are a party to PRISM are suing for a declassification of their role in the program. Yahoo! has already won that right. A number of very large lawsuits have already been filed against the NSA demanding, among other things, an end to the program. An Ex-FISA Judge has opined that the FISA Court needs an adversary, so the government isn't the only voice. The author of the PATRIOT act, Congressman Jim Sensenbrenner bluntly stated that there weren't enough votes to renew section 215 of the PATRIOT Act unless serious reforms take place. And it is possible to wake up from even a very dire Orwellian nightmare. East Germany, and the old Soviet Bloc did just that. Change is possible.
An informed and active public is absolutely necessary to overcome our situation. But it is possible. Good and brave people still exist. Even within government. Even in the Opposite Party. We must become engaged, and also engage those in power.
The dangers are these: conspiracy and rumors are kings when the truth is unknowable and those who do know the truth lie. This perpetrates a climate of fear. It would only take a few of the wrong people in the right positions to turn the systems designed to protect us into a weapon of oppression.
There is a better solution. Terrorism thrives in places where the greatest injustices exist. Where there are few better options. Where a person may sign up with the jihaddis just to put food on the table. We must have a just society, and promote it worldwide. We must deal with our neighbors honestly and fairly. We must stop treating jihaddis as a legitimate fighting force and sic the justice system on them. Open and fair trials for their crimes. The world must see that they are criminals who commit murders, rapes and kidnappings, and to join them makes you a criminal, not a soldier.
There are limited protections against the spying on U.S. persons, but the rest of the world has none such. The ordinary citizens of other countries can expect to be surveilled en masse by the U.S., by other countries, by their own country, and by corporations. We are facing the possibility of becoming an Orwellian society where the people are always afraid, and have no rights. And not just in our country, in many others, all at once. But it it is not inevitable, if we push hard enough, long enough, for real reforms and changes, we may yet prevent it from becoming a reality.